Google encryption flaw could allow video piracy

A patch is in the works for a flaw in Google encryption technology that opens the door for video piracy.

A Google vulnerability could allow bad actors to hijack video content from protected videos, according to online newspaper Jewish Business News.

A flaw within the encryption technology of Widevine EME/CDM is said to hold the potential to allow attackers to steal protected content from a number of streaming services. The flaw could allow an attacker to workaround protections and save a decrypted file, which they can then make available to pirated sites.

Researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) working with a security researcher from Telekom Innovation Laboratories in Berlin, offered an attack proof-of-concept capable of saving a decrypted version of streamed content protected by Google Widevine DRM that was played on a computer's disk drive via Google Chrome.

Google's security team has been notified of the flaw and the researchers, via Google's Project Zero for responsible disclosure, are aiding in developing a patch.

"We appreciate the researchers' report and we're examining it closely," a Google spokesperson informed SCMagazine.com. "Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so."

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.